CN105844139B - The system and method for improving user account access security - Google Patents


Info

Publication number
CN105844139B
Authority
CN
China
Prior art keywords
character
user
secure identifier
collection
character collection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201610088415.8A
Other languages
Chinese (zh)
Other versions
CN105844139A (en)
Inventor
L.莱希
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Armorlog Ltd
Original Assignee
Amoluoge International Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2009905040A
Application filed by Amoluoge International Pte Ltd
Publication of CN105844139A
Application granted
Publication of CN105844139B
Expired - Fee Related
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03 Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/041 Digitisers, e.g. for touch screens or touch pads, characterised by the transducing means
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048 Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0487 Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q30/0241 Advertisements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113 Multi-level security, e.g. mandatory access control

Abstract

This application relates to a system and method for improving the security of user account access. One form of the invention provides a system for accessing a user account through an electronic device with a visual display screen, comprising: a communication device for allocating at least one secure identifier to the user, the secure identifier comprising one or more characters selected from a preset character set; a database for storing the at least one secure identifier and the preset character set; and a processor for providing the user with an access interface on the visual display screen, wherein the access interface includes a graphic character set containing at least the characters that form the secure identifier.

Description

System and method for improving user account access security
This application is a divisional application. The parent application has international application number PCT/AU2010/001360, national application number 201080046835.0 and international filing date 2010.10.14, and its title of invention is "System and method for improving user account access security".
Field of the invention
The present invention relates to a system and method by which a user accesses an account, and in particular to improving security when the user enters specific login information, for example when logging in to Internet sites, networks, software and web applications.
Background of the invention
It is well known that users log in to networks, Internet sites, software and web applications, mobile phones and the like by entering detailed identification information on a keypad or keyboard. For example, online banking services provided by financial institutions require the user to enter a user name and password on a keyboard in order to access account information, transfer funds, pay bills and so on. Even automatic teller machines (ATMs) require user identification and a password in the form of a personal identification number (PIN).
When a user name and password are entered by keyboard over a network, especially a public network such as the Internet, the user faces certain risks. Third parties have devised various means of stealing user names and passwords, for example keylogging, skimming devices, password guessing and phishing.
Keylogging is the recording of keystrokes on a keyboard, usually covertly, so that the person using the keyboard is entirely unaware that their actions are being monitored. It is usually achieved by installing a software program on the user's computer without the user's knowledge.
A skimming device can be connected to computer hardware such as an ATM and collects the information the user enters when using the keypad. For example, a skimming device attached to an ATM without the customer's knowledge can collect a bank customer's account information, user name, password and PIN.
A password-guessing program can automatically guess a user's password, for example by rapidly running through all the words in a dictionary.
Phishing is a process of attempting to obtain sensitive information such as user names, passwords and credit card details, for example by masquerading as a trusted entity in an electronic communication. Typically, the user receives an e-mail that appears to be a legitimate message from a trusted institution and that asks the user to click a link and enter a user name and password. The link, however, takes the user to a fake site operated by a third party rather than to the institution's official website, so that the user's user name and password are stolen by the third party.
Because of these inherent security risks, many customers refuse to carry out Internet banking or telephone banking transactions. This not only inconveniences customers; it also leaves financial institutions unable to run an entirely Internet-based banking service on its own for customers who need to transact through Internet banking.
Existing attempts to solve these security problems concentrate mainly on preventing the installation of such devices and software; once such devices and software have been successfully installed they are of no help, and they cannot effectively guard against all of the above security threats.
Password-guessing programs can be resisted by account lockout mechanisms, but owing to limitations of computing capacity and user database management these mechanisms usually cannot be used on networks. Where they are used, they are usually set to their lowest security level so as not to inconvenience users.
Digital certificates are used to prevent the theft of user names and passwords, but in high-end applications, if the security of the device is compromised or the digital certificate is stolen, this method cannot prevent access to the information. Digital certificates also require end users to have a fairly high level of operating skill, and most users need a technician's guidance to reach it. Institutions that use them therefore need extensive help-desk support, which makes digital certificates too costly to use in Internet or wide area network (WAN) applications, and the cost to end users of obtaining on-site technical guidance is also high. Because the operating system must be compatible with the digital certificate, the continual evolution and development of operating systems further complicates certificate management. The problem will become more pronounced as devices that access the Internet over mobile communication networks, each with a different proprietary operating system, come into widespread use.
"SiteKey" is an existing system intended specifically to prevent phishing attacks. It is a web-based security authentication system that increases security by posing a series of authentication questions. When logging in to the website, the user verifies his or her identity by entering a user name (but not a password). If the user name is valid, the system shows the user a pre-set image together with a pre-set phrase. If the user recognises that the image and phrase are not the ones he or she set, the user infers that the site is a phishing site and abandons the login. If the user recognises the image and phrase, the user can treat the site as genuine and continue to log in.
However, the SiteKey system has been found to have weaknesses. Most importantly, it cannot resist some of the most common phishing scenarios, because it requires the user to answer questions, which reveals personal information and thereby endangers the user's privacy; this facilitates man-in-the-middle attacks and leads to large-scale theft of user names. It has also been found that users of SiteKey readily provide their login information even when the image and phrase do not appear. Its design is therefore not very successful, and because the leakage of personal information increases the incidence of identity theft, a man-in-the-middle phisher can in some cases still obtain information from the target with relative ease.
It is therefore necessary to improve security when a user enters login information to access a user account, so as to curb at least some of the security threats described herein.
Summary of the invention
In general terms, the invention uses a graphical display access interface to show a preset character set, from which the user can select one or more characters that form at least one unique secure identifier.
One aspect of the invention provides a method of accessing a user account through an electronic device with a visual display screen, the method comprising the steps of: allocating at least one secure identifier to the user, the secure identifier comprising one or more characters selected from a preset character set, wherein at least one character in the preset character set is a non-alphanumeric character; providing the user with an access interface on the visual display screen for entering the secure identifier, wherein the access interface includes a graphic character set containing at least graphical representations of the characters that form the secure identifier; allowing the user to enter the secure identifier by selecting characters from the graphic character set; and comparing the entered secure identifier with the preset secure identifier stored in a database and, if the comparison succeeds, allowing access to the user account.
A second aspect of the invention provides a system for accessing a user account through an electronic device with a visual display screen, comprising: a communication device for allocating at least one secure identifier to the user, the secure identifier comprising one or more characters selected from a preset character set, wherein at least one character in the preset character set is a non-alphanumeric character; a database for storing the at least one secure identifier and the preset character set; and a processor for displaying an access interface to the user on the visual display screen, wherein the access interface includes a graphic character set containing at least graphical representations of the characters that form the secure identifier. The processor also compares the secure identifier entered by the user on the graphic character set with the preset secure identifier stored in the database and, if the comparison succeeds, the system allows access to the user account.
A third aspect of the invention provides a system for accessing a user account through an electronic device with a visual display screen, comprising: a first communication device for receiving at least one secure identifier, the secure identifier comprising one or more characters selected from a preset character set, wherein at least one character in the preset character set is a non-alphanumeric character; and an electronic device with a visual display screen for requesting access to the user account and receiving an access interface for entering the secure identifier, wherein the access interface includes a graphic character set containing at least graphical representations of the characters that form the secure identifier. If the entered secure identifier is successfully matched against the preset secure identifier stored in a database, the electronic device can also be used to access the user account.
A fourth aspect of the invention provides a system for accessing a user account, comprising: a communication device for receiving a request to access the user account and, in response to the request, sending an access interface, wherein the access interface includes a graphic character set containing at least graphical representations of the characters that form a secure identifier, the secure identifier comprising one or more characters selected from a preset character set, wherein at least one character in the preset character set is a non-alphanumeric character; and a processor for receiving the secure identifier and comparing it with the preset secure identifier stored in a database and, if the comparison succeeds, allowing access to the user account.
The invention also provides a software product for implementing the method of the first aspect.
In one form, the preset character set is unique to a subset of users. This improves the security of the system because the character set differs between users or user subsets, which increases the number of characters a password-guessing program may need to guess.
In another form, the preset character set is proprietary to the administrator of the user account. A password-guessing program will still find it difficult to determine the character set supplied to the user, because each administrator, for example each institution, can design its own character set. This improves security further, in addition to the use of different character sets for different user subsets.
The user is preferably required to enter more than one secure identifier, one after another, ideally entering each secure identifier on a separate login screen using a separate customised graphically displayed character set, thereby improving security. For example, the user may need to enter a user name, then a password, then a PIN. In other forms, each login screen may use the same character set, or only one login screen may be used.
The preset character set may differ for each allocated secure identifier, which also helps to increase the security of the access system.
The user preferably enters the secure identifier by selecting characters of the graphic character set with a pointing device or on a touch screen. A keystroke logger then cannot record keystrokes on a conventional keyboard, which keeps it from obtaining the user's access details without authorisation. In another form, however, a set of keyboard keys, such as the tab key and arrow keys, can be used to select the displayed characters.
Alternatively, the user can enter part of the secure identifier by selecting at least one character from the graphic character set, and enter another part of the secure identifier by pressing keys on a conventional keyboard.
Advantageously, for each access attempt the graphic character set can be displayed in a different order or orientation, to further hinder a keystroke logger from obtaining the user's details.
To curb password-guessing programs, access to the user account is preferably refused after the secure identifier has been entered incorrectly a predetermined number of times. In addition, if an excluded character is selected, that is, a character outside the permitted graphic character set, access to the user account is preferably also refused.
In another form, the preset character set can differ for each user and each secure identifier, to increase the number of possible selections and the difficulty of guessing the user's identifier.
For some administrators or institutions, the access interface can also include advertising, giving the administrator additional income from the use of its system.
Each form of the invention improves security when a user enters identification information to access a user account, by curbing the threat of keylogging, skimming devices, password guessers and/or phishing. For example, phishing fraud can be prevented by using a graphical keyboard character set that is customised for each user, bound to the user's account name and displayed only at login. With this approach, when a customer is lured to an illegitimate website, the custom character set the user needs in order to enter the secure ID will not appear. If different character sets are applied on multiple login screens, the effect is compounded. Keylogging can also be prevented if the secure ID is not entered using a known keyboard layout, in particular a QWERTY keyboard. Moreover, even if keystrokes are captured, the security value of the selected characters is unknown to the third party, and if the character layout is different at every login it is also difficult for the third party to log in or to guess. If the secure ID does not include standard letter and digit characters, password guessers are also curbed. In addition, using characters proprietary to the administrator or institution makes the work of a password guesser harder. Randomly scrambling the order and position of the characters at login hinders a skimming device's ability to capture the secure ID.
It is envisaged that the invention will also help to prevent domain name spoofing and redirection techniques that intermittently divert legitimate Internet traffic to a fake site in order to steal user login information, because the user cannot enter the code when the required character set is not present.
Brief description of the drawings
Embodiments of the invention are described with reference to the drawings. The accompanying description further highlights the features and advantages of the invention.
Fig. 1 is a context diagram providing a system overview of one embodiment of the invention;
Figs. 2a to 2j (hereinafter "Fig. 2") show a flow chart of an example implementation of the invention;
Fig. 3 is a summary overview of the implementation set-up process for the method of Fig. 2;
Fig. 4 is an example level-one input access interface and graphic character set using "user name" as the input field title;
Fig. 5 is an example level-two input access interface and graphic character set using "password" as the input field title;
Fig. 6 is an example level-three input access interface and graphic character set using "PIN" as the input field title;
Fig. 7 is an example secure ID creation access interface and graphic character set;
Fig. 8 is an example administrator database table for setting the secure ID of a specific user;
Fig. 9 is an example administrator database table for setting a specific user login;
Fig. 10 is an example capital character set table;
Fig. 11 is another example capital character set table;
Fig. 12 is an example secure ID access interface in another embodiment, in which conventional keyboard characters are used.
Preferred embodiment explanation
The present invention is not for any specific hardware or software implementation, and concept hierarchy is higher than specific implementation.It should manage Solution, without deviating from the spirit or scope of the invention, may be present the present invention other various embodiments and to this Invent the change carried out.Hereafter contribute to understand the actual implementation of specific embodiments of the present invention.
As shown in Figure 1, user 10 accesses the account created in mechanism 11 by network or the request of application program 12.The net Network can be a global computer network, such as internet.User 10 can there are one the electricity of visualization display screen by a kind of band Sub- equipment asks to access, such as mobile phone, personal digital assistant(Abbreviation PDA), BlackBerry, laptop or personal computer 14 or other any equipment for being able to access that network of relation or application program 12, this may include to be able to access that www worldwide web The terminal of the networks such as network internet.The network can be independent network, LAN, wide area network, internet, cell phone network, nothing Line or cable network.But the present invention is not limited to only be used on network, it may also be used for log in software or web application Deng." network or application program " can be broadly interpreted as user 10 be desirable for it is a kind of with visualization display screen electronics set It is standby to access any means of account.Server or processor 16 include an input-output apparatus 15 for communication, the clothes Business device or processor make it input safety post for receiving the access request that user 10 sends and starting logon process for user 10 Know symbol, such as user name, password, roaming code, PIN.Server or processor 16 connect or store safety comprising one The database 17 of ID, character set etc..Server or processor 16 can be operated by mechanism 11 or grasped by third party Make, result is then communicated to mechanism 11.Server or processor 16 send a login interface 20 by network 12 and show In the equipment 14 of user 10, user 10 is prompted to input its secure identifier(Referred to as " safe ID ").Then, user 10 inputs it Safe ID(It is as described further below)Afterwards, information is communicated back to server or processor 16 is handled.
According to one embodiment, the flow chart of Fig. 2 shows that a kind of defending party to the application is known as that " variable proprietary character set is multi-level It logs in "(Abbreviation VPCSML)Example access or logon process implementation.This method can pass through a stand alone software application journey Sequence integrates existing access application to implement.
User 10 accesses the website or application program that it is desired access to by browser or other interfaces, and occurs one Entr screen has the login option that can be chosen on screen.Once selected log in, will to account keeper server or Processor 16 sends a request 100.Server or processor 16 receive request Concurrency and send a sign-on access interface 20, show On the visualization display screen of 10 equipment 14 of user.Interface 20 shows a unique graphic character collection 102, should Character set is the self-defining character collection founded by administrator, inputs its safe ID value for user 10 as " keyboard ", for example uses Name in an account book, password, PIN etc..
The quantity of safe ID values needed for user depends on mechanism, user attempts the account accessed and required safe level Not.For example, for some logins, a safe ID value may be only needed(Such as user name)Although two are at least used under normal conditions A safe ID values(Such as user name or account and password), it is ideally at least to use three safe ID values(Such as user name, close Code and PIN).In the security situation of some higher levels, the safe ID values of three or more can be used.In the present embodiment, make With three safe ID values, level-one value is expressed as(User name), two level value(Password)With three-level value(PIN).It should be noted that , user name, password and PIN for illustrate with help understand.They only represent the safe ID codes of three ranks, can Needs are implemented according to system, arbitrary name is carried out to code input field.If administrator uses unique input field name of code, The protection of higher level may be then obtained, because any fisherman, which is not known to user, asks for which type of code.
Fig. 4,5 and 6 show that shown example graph on the visualization display screen of 10 equipment 14 of user shows character Collection(Referred to as " GDCS ")300, but according to the ability and complexity of used technology platform, any combination and type can be used Character.
GDCS 300 enables user 10 on visualization display screen character graphically to be selected to form user's Safe ID simultaneously inputs desirable value, so as to access to user account.Forming the preset characters of GDCS 300 may include any shape The character or symbol of formula, such as letter 302, number 304, capitalization 306 and small letter 308, punctuation mark 310 and image or picture 312 Or different colours(It does not show).In entire description and claim, the character or symbol of all these forms are referred to as " word Symbol ".Each safe ID preferably at least includes the character of each form, to improve security(Such as at least one number, figure Picture, letter etc.), therefore character set and GDCS 300 will include more than one character style, but in other embodiments, character May there was only a kind of form, such as entirely image or entirely alphanumeric character.It should be pointed out that GDCS 300 is simultaneously It will not show all characters that preset characters are concentrated, be further described.On the contrary, when logging in every time, can only show Show a subset of all default character set of mechanism.
Preferred embodiment can be by some in the character set comprising at least three-level or inenarrable three-level more than rank Character carrys out additional elevation security level, and it is difficult to be deceived and oral leakage this type of information to make user.In the ideal case, for all Code, system should perform stringent privacy policy, and user should never be required to reveal code in any operating process.
For proprietary system or administrator, character set is preferably unique, and independently of other applications, passes through It is only limitted to programming personnel and knows bottom code and encryption to prevent code from being cracked in binary system rank, so as to further carry High security.One character set can be applied to entire mechanism, user or network subset according to type or group grouping, Huo Zhewei Used in host interface, hacker is made to be more difficult to using ready-made code, because these codes will not be incorporated into self-defining character collection.This has Helping enhances programmer and user carries out digital combination by each character, can further defensive attack, even if in machine code level Not.
When logging in every time or even in the pole conspicuous position of needs more high security level(Such as operated in ATM machine When, to prevent from drawing the PIN for taking family)During login, be shown to the character sequence of user on GDCS 300 and position may all be with Machine.The order of each character set class value can also be changed at random further to prevent gradual fishing from attempting(It is such as defeated first Enter password, followed by user name, be finally PIN).
Once the display screen of user 10 receives GDCS 300, user 10 is prompted to enter their level-one value. The level-one value is preferably set by the administrator and known to the user in advance, and is bound to a fixed user account name that only the administrator knows. Alternatively, the user can click a link on the login screen or phone the customer service center to obtain the level-one value for the system.
Ideally, the fixed user name is never disclosed to the user and is used only for security tracking. The administrator can change all user code input fields as needed or at arbitrary intervals without opening a new account, while still maintaining account security. If the account is compromised, the administrator only needs to issue new credentials, without relinking or transferring database information or creating a new set of access privileges.
As described above, for a group of users sharing a character set, the level-one value must be made up of characters from the preset character set, such as the character sets shown in Figure 10 or Figure 11. In this way the administrator can place different groups of users on different login sites, limiting the impact of denial-of-service attacks by dispersing the login interfaces. The level-one value can be basic, for example a name "John Smith" or a number "1234", composed entirely of letters and digits and offering no real security. For security, however, the user name preferably includes at least some of the special characters described above, such as images or punctuation marks.
It should be noted that GDCS 300 does not necessarily include all the characters in the organization's preset character set. Instead, it may display only a subset of the available characters to the user. In some forms the displayed subset is random and may change at each login attempt. It should also be noted that the position and order of the characters in the GDCS can change at each login attempt and, in some forms, even after the user selects each character.
The main preset character sets shown in Figure 10 and Figure 11 are provided for ease of understanding. Any number of characters or pictures, or a combination of the two, can be used, and they can be selected from various types of database with associated subroutines to further control which characters are chosen for each character set. For example, depending on the code level, a subroutine may restrict character selection to a grid containing only numbers. Other selection criteria and formats can be included for specific user group profiles, which helps provide character sets that are more relevant to the user and graphic images that are easier to remember. At some security levels, if passwords are reset regularly or longer passwords are required, the user can choose a user name, password and so on from relatively simple character options (such as alphanumeric characters). In some cases, if passwords are reset often, image characters may not be the best choice compared with using alphanumeric characters only, because users find it hard to remember constantly changing graphic characters. If a particular security level requires non-alphanumeric characters, this can be flagged in the administration settings database; see the "required number of characters" column in Fig. 9.
User 10 preferably enters secure ID values with a pointing device or touch-screen device rather than a conventional keyboard, to prevent key-logging programs from recording keystrokes. The interface can, however, be programmed so that the keyboard cursor keys, Tab key and Return key are used for simple graphical button selection. This helps when retrofitting existing equipment and supports more basic PDA devices that can provide the graphics standard. If the keyboard cursor, Tab and Return keys are used instead of a pointing device, or keyboard keys and a pointing device are used together, it is harder for an onlooker to determine exactly what was entered. Ideally the two are combined, but the level that can be implemented depends on the complexity that the administrator and the client can accept.
Alternatively, the input keys on existing equipment can be used; for example, the data entry buttons on an ATM can be configured so that the user can select the graphic characters shown on the screen.
Another method is to enter one secure ID value (such as the user name) by pressing keys on a conventional keyboard, and to enter the level-two or level-three secure ID value (such as the password) with the graphical system described here.
Figure 12 shows another alternative, in which keys on a conventional keyboard represent the order of the characters displayed by GDCS 300. For example, if the secure ID consists of the four characters "@&H3" and GDCS 300 displays 10 characters in the order 9H3.&+@Kg* (as shown at 702), the order of these characters can be represented by the "ABCDEFGHIJ" keys on a conventional keyboard (as shown at 704). To enter the secure ID value, the user selects the required characters by pressing the keys that correspond to the on-screen positions of those characters, which in this example is "GEBC" 706. The keys actually pressed are therefore not the secure ID, and, to guard against key loggers and skimming devices, the character order can be different at each login attempt.
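The Figure 12 mapping worked through as code: an added example, not part of the patent text. The function names and the use of a fresh random layout per attempt are assumptions for illustration; the layout, secure ID and expected key sequence are the values given above.

```python
import secrets
import string

# Keys "A", "B", "C", ... label display positions 0, 1, 2, ... (704 in Figure 12).
KEY_LABELS = string.ascii_uppercase


def new_layout(display_chars):
    """Return the displayed characters in a fresh random order for one attempt."""
    chars = list(display_chars)
    if len(set(chars)) != len(chars):
        raise ValueError("displayed characters must be unique")
    if len(chars) > len(KEY_LABELS):
        raise ValueError("more characters than available key labels")
    secrets.SystemRandom().shuffle(chars)
    return chars


def keys_for(secure_id, layout):
    """User side: the key letters pressed to pick each character of the ID."""
    return "".join(KEY_LABELS[layout.index(ch)] for ch in secure_id)


def decode_keys(keys, layout):
    """Server side: map pressed keys back to characters using this attempt's
    layout. Without the layout, the keystrokes alone do not reveal the ID."""
    chars = []
    for key in keys:
        pos = KEY_LABELS.find(key)
        if pos < 0 or pos >= len(layout):
            raise ValueError(f"key {key!r} does not label a displayed position")
        chars.append(layout[pos])
    return "".join(chars)


# Values from the Figure 12 description.
FIG12_LAYOUT = list("9H3.&+@Kg*")
FIG12_ID = "@&H3"


def replay_under_new_layout(captured_keys, later_layout):
    """What a logged key sequence decodes to once the layout has changed."""
    return decode_keys(captured_keys, later_layout)


if __name__ == "__main__":
    pressed = keys_for(FIG12_ID, FIG12_LAYOUT)
    print("keys pressed:", pressed)
    print("server decodes:", decode_keys(pressed, FIG12_LAYOUT))
    # Constructed second layout: the same keystrokes no longer yield the ID.
    print("replayed later:", replay_under_new_layout(pressed, list("@Kg*9H3.&+")))
    fresh = new_layout("9H3.&+@Kg*")
    print("fresh layout:", "".join(fresh), "->", keys_for(FIG12_ID, fresh))
```

The protection rests on the layout staying unobserved: anything that records the screen together with the keystrokes recovers the ID for that attempt.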
Where the input may be observed, the secure ID value can be masked 106 to strengthen security, further reducing the chance of a password being visually observed or monitored and stolen, and/or, if system resources allow, it can optionally be encrypted.
To improve security further, the secure ID values can be bound to the user's MAC address, IP address or FQDN, with the login server identifying the device by a static IP address or FQDN, managed according to account type. For home use it can be the MAC address, and the user may need to resubmit a request for access details to the server they use. For enterprise use, control can be based on an individual static IP address, an entire subnet, or an FQDN.
Once user 10 has entered the specified level-one value 108, the value entered is compared 110 with the level-one values stored in the administrator's "User Fixed Account Name Record" (UFANR) database. Fig. 8 shows an example UFANR database table.
The UFANR database 400 includes the user's secure ID values 402 and the preset character set 404 for each secure ID value 402, the date 406 on which the secure ID value 402 is to be reset, if applicable, the fixed user name 408 and reference number 410, the account login address 412, and a field 414 indicating whether the account is locked.
If the level-one value entered by the user is not found 112 in the UFANR database, the system can check whether the user has entered an excluded character 114. Excluded characters are all character combinations outside the permitted character set, and may be a single character or several characters. For applications that need a higher security level, a set of excluded characters can be introduced to identify a potential hacker attack and lock immediately, as shown in Figures 10 and 11. The excluded character set can be a subset of characters within the same preset character set, specific to a user (as shown in Figure 11). Alternatively, the excluded character set can be a separately defined character set or table (as shown in Figure 10). The required characters and the excluded characters should preferably not overlap, to avoid unexpected results. If an excluded character is found 116 in the user's input, an entry can be generated to record the invalid account access attempt 118 made using an excluded character, and a warning notice 120 of an invalid account and unauthorized login can be displayed to the user. The user may then be required to re-enter the level-one value or contact the administrator. The IP address that the user used to access the login site can also be blocked from further login attempts.
Excluded characters are generally not used for the level-one character set, because this could let malicious hackers, by randomly guessing valid level-one values, sabotage the use of accounts (although, as noted above, some high-end applications may need to do so). Invalid input will, however, generate a lock notice, because invalid input indicates that a password guesser rather than the on-screen keyboard is in use. In addition, the system can optionally allow several timed resets at level two (the number being set by the administrator), so that if a random hacker attack has got past the level-one value and the account is then locked because of attempts to guess the next level's secure value, the inconvenience to the user is reduced. The maximum number of resets the system allows is set below the number at which an account is normally locked, because reaching that value indicates that the account is under attack. The same strategy can of course be used at the lower level, but this significantly reduces the security level of the system and is not recommended.
If no excluded character is found 122 in the user's input, the retry count 124 can be checked in the "user logon error tolerance" (ULETL) count database. Fig. 9 shows an example ULETL database table.
For each secure ID level, the ULETL database 500 can optionally include a maximum 502 and minimum 504 character length, the number of retries 506 allowed at each secure ID level before the account is locked, whether characters may be repeated twice and/or three times in the secure ID value 508, the period 510 within which the secure ID value must be reset, whether the GDCS must be reordered to randomize its display position and order 512, the account lock reset 514, and the character reset 516 applied when a code is reset.
The account lock reset 514 can be used to avoid inconveniencing the user when an unauthorized party attempts to access the site, for example when a hacker navigates to the site and tries to guess a valid user password. The purpose of the reset is to allow one or more further attempts once a time predetermined by the administrator has elapsed.
When a password is reset, a character reset 516 can optionally be forced, making it harder for a phisher to accumulate the combination of information needed to trick the user out of their credentials and ultimately access the account.
If the number of user inputs has exceeded the retry count 126 listed in the ULETL, a log entry can be generated to record the invalid account access attempt 118 made using incorrect but valid characters, and a warning notice 120 of an invalid level-one value and unauthorized login can be displayed to the user. The account lockout policy is set according to the user logon error tolerance policy. Because the character set is unique to user 10 and known only to the user and the organization, the tolerance can be relaxed as appropriate. For example, if 85% of the secure ID is correct, the number of retries allowed may be set to 10; if the correct proportion is below 85%, three retries are allowed before the account is locked; if an excluded character is used, the account is locked immediately.
It should be noted that at level one, hacking activity does not cause an account lock unless a field matches, that is, the hacker has guessed a valid level-one value and then entered an invalid entry at the next level. So, for example, if the interface is publicly accessible (such as over the Internet), a single lock reset after an additional period of time can optionally be allowed. This is to avoid the inconvenience that random hacking would cause to users. One advantage of this system over existing systems is that it allows account locking while keeping the administrative work associated with such locking to a minimum.
If the level-one value entered by the user is not found 112 in the UFANR, the user has not entered an excluded character 122, and the number of inputs does not exceed the ULETL count 126, a retry notice 128 can be displayed to the user and the user's ULETL input count is incremented by 1. The user can then re-enter the level-one value, and the verification process above is repeated.
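The excluded-character check and the tolerance example given above (10 retries when 85% of the secure ID is correct, three otherwise, immediate lock on an excluded character), as an added sketch that is not part of the patent text. The class and function names, the position-by-position reading of "85% correct", applying the limit for the current attempt to a running failure count, and the sample values are all assumptions.

```python
import hmac
from dataclasses import dataclass, field

NEAR_MISS_RATIO = 0.85   # "85% of the secure ID is correct"
NEAR_MISS_RETRIES = 10   # retries allowed for a near miss
FAR_MISS_RETRIES = 3     # retries allowed when less than 85% is correct


@dataclass
class AccountState:
    """Hypothetical per-level record; the stored ID is kept in plain text
    here only so that the proportion-correct policy can be shown."""
    stored_id: str
    excluded: frozenset
    failures: int = 0
    locked: bool = False
    log: list = field(default_factory=list)


def correct_ratio(entered, stored):
    """Assumed meaning of 'proportion correct': matching positions divided
    by the length of the longer string."""
    matches = sum(a == b for a, b in zip(entered, stored))
    return matches / max(len(entered), len(stored), 1)


def check_attempt(acct, entered):
    """Return 'granted', 'retry' or 'locked' for one entry attempt."""
    if acct.locked:
        return "locked"
    # Constant-time comparison of the full value.
    if hmac.compare_digest(entered.encode(), acct.stored_id.encode()):
        acct.failures = 0
        return "granted"
    # An excluded character cannot come from the on-screen character set,
    # so it is treated as a guessing tool and locks at once.
    if any(ch in acct.excluded for ch in entered):
        acct.locked = True
        acct.log.append("excluded character entered: account locked")
        return "locked"
    acct.failures += 1
    near = correct_ratio(entered, acct.stored_id) >= NEAR_MISS_RATIO
    allowed = NEAR_MISS_RETRIES if near else FAR_MISS_RETRIES
    if acct.failures > allowed:
        acct.locked = True
        acct.log.append(f"retry limit {allowed} exceeded: account locked")
        return "locked"
    return "retry"


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    acct = AccountState(stored_id="a@7&Kp#2", excluded=frozenset("%~"))
    for attempt in ["a@7&Kp#3", "zzzzzzzz", "a@7&Kp#2", "a@7&Kp#%"]:
        print(repr(attempt), "->", check_attempt(acct, attempt))
    print(acct.log)
```

Measuring how much of an entry is correct needs the stored value in a directly comparable form, which a salted one-way hash does not provide; an implementation that hashes secure IDs can only apply a single retry limit.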
If the level-one value entered by the user is found 132 in the UFANR, the account lock flag 134 can be checked in the UFANR. The account lock flag can be set if the administrator has concerns about login security, if the client has asked for the account to be disabled, or for any other reason. If the account lock flag is set to lock the account, a lock notice 138 can be displayed to the user.
If the level-one value entered by the user is found 132 in the UFANR and the account lock flag 138 is not set, the system can determine whether a level-two secure ID value 140 exists in the administration settings UFANR database. The level-two value is a higher security level and may be termed the password. If no level-two value exists 142, then after the reset flag 144 has been checked (described further below), the user is granted access to the system 146 and the login process ends.
If a level-two value 144 is set in the database, a customized level-two interface can be displayed to the user on the visual display screen of user device 14. The level-two interface displays a level-two graphical character set 148 created specifically for the user. Fig. 5 shows an example interface and GDCS; depending on the capability and complexity of the technology platform used, any type of character or icon, or combination of them, can be used. Although a different character set is preferred for security, the level-two GDCS can be the same as the level-one GDCS.
If, as shown in Fig. 9, the "reorder" flag is set in the administration settings database, the level-two GDCS can be displayed in a different order. To enhance security, the order can be changed after each login attempt, or even after each character the user enters.
Once the level-two GDCS is displayed, the user enters the user-specified level-two value 158 by selecting the required characters in the same way as described above for the level-one value. The level-two value can be set in advance by the administrator or by the user when the account is created, and reset periodically or at any time. The input area is preferably masked 160 so that the user's input cannot be glimpsed.
The level-two value entered by the user can then be compared 162 with the level-two value stored in the UFANR. The same checks as for the level-one value can then be made for excluded characters, retry count and account lock. If those conditions are met but the level-two value is incorrect, the user may be prompted to re-enter the level-two value. Alternatively, to improve security, the user may be returned to the level-one interface to re-enter the level-one value.
If the above conditions for the level-two value are met, the system can check whether a level-three secure ID value 188 exists in the UFANR database. In the present embodiment the level-three value is a PIN, but another type of secure ID can be used instead. If no level-three value exists 190, then after the secure ID reset flag has been checked (described further below), the user is granted access to the system 146 and the login process ends.
If a level-three value 192 is set in the database, a customized level-three interface 194 with a level-three GDCS can be displayed to the user; Fig. 6 shows an example interface and GDCS. Depending on the capability and complexity of the technology platform used, any type of character or icon, or combination of them, can be used.
If the reorder flag 200 is set in the administration settings database, the level-three GDCS can be displayed in a rearranged order. The user enters the specified level-three value by selecting from the displayed characters. The level-three value can be set in advance when the account is created, and reset periodically or at any time. The user input area can be masked 204 so that the user's input cannot be glimpsed.
The level-three value entered by the user can then be compared 206 with the level-three value stored in the UFANR, in the same way as for the level-one and level-two values above.
After the necessary checks, if the level-three value is found 206 in the UFANR, the UFANR is checked for a level-one reset flag 144.
The secure ID values can optionally be set as variable (checked via the reset flag) and linked to a secure user fixed account name database that is known only to the network administrator and unknown to the user. This lets users change a secure ID at any time in line with the security policy, since the security policy may allow or force users to change secure ID values periodically. This reduces the cost of user database administration while retaining a full log of problem users, for whom a higher level of restriction or lockout can be maintained, configured according to network policy.
Therefore, if the level-one reset flag 208 is set, the custom graphical character set that the administrator has set up for the user's level-one value can be displayed to the user; Fig. 7 shows an example interface. The user enters a new level-one value 210 and confirms it in a second field. Both fields are masked to prevent the input from being observed 212. If the first and second fields do not match 214, the user can be prompted to re-enter 216. If the two fields match 218, confirming the new level-one value, the level-one value 220 in the UFANR can be updated and the level-one reset period in the UFANR reset 222.
The UFANR can then be checked for a level-two reset flag 224. If no level-two reset flag is found, the level-three reset flag can be checked by the same process. Once the reset process is complete, or if no flag is set, the user is granted access to the account.
A new secure ID is preferably different from any secure ID used previously. A new secure ID can be set by the administrator or the user, or in some cases generated at random.
In some forms, multiple screens may be combined into a single login screen, so that the input fields for all levels are shown on the screen at the same time. In this case the system may require all input fields to be completed before submission and comparison by the system.
Fig. 3 outlines the implementation and setup procedure for the method above. The character set used by the user is determined 600 by the administrator. The level-one value (user name) is selected by the administrator from the preset character set 600 and set 602. The level-two value (password) is selected and set by the user from the preset character set 600, with a periodic reset schedule 604 set by the administrator. The level-three value (PIN) is likewise selected by the user from the preset character set 600 and set 606.
The administrator can add further security levels by adding additional secure ID levels to the UFANR. In this example the system described is set to three levels (a user name, a password and a PIN), but three or more levels can be used in other embodiments. In the present embodiment the password and PIN are set and changed by the user, but if the user is allowed to change the PIN it is recommended that a further level of PIN or password be added that can be changed only by administrator-level personnel, to prevent identity theft.
The logon error retry levels are configured 608 by the administrator according to security restrictions and policy. The administrator binds 610 the secure IDs to the user fixed account name record, which is kept confidential to the administrator. The values, the reordering schedule 612 and the secure ID reset 614 options are determined by the administrator. All values are stored in the administrator database.
When an account is locked and the user is determined to be the legitimate user of the account, the administrator can issue new secure ID values to the user. Except for the lowest-level code, the new secure ID values for all additionally added levels are preferably composed from a new character set. In this example the user PIN, or at least the secure ID entered at the lowest level, should not be reset by the user themselves, to prevent identity theft. Ideally, the lowest-level secure value must not be changed once issued. If that secure ID needs to be changed, a new user account must be created and the true identity of the person attempting to operate the account checked through the established account. If changing the secure ID of some level has to be allowed, a further secure ID level should be activated to prevent identity theft. The word "variable" denotes a field that can be changed, not a field that should be allowed to be changed; that is determined by administrator-level personnel.
If the system is to be added to an existing security database rather than implemented as part of an improved security architecture, an optional password-filler script can be used to authenticate the user against the existing system's secure user database. The required system password and user name are stored in the fixed user database, then retrieved and supplied to the legacy user name and password interface required by most routers, network systems and computer operating systems. This allows the system to be retrofitted to existing legacy systems.
In addition, the access interface can carry advertising, which developers can use as an optional revenue source to fund the construction and maintenance of the system. The system can also be used to add one or two graphic characters to a conventional keyboard-entry authentication scheme, adding a security level to a password or user name, so that the password or user name cannot be produced without the customized interface software. It can also serve as a further security level for a digital certificate interface, with the password changed through a defined interface that carries the digital certificate on the user device, either as the certificate is controlled and updated or when certificates are periodically reissued. Login can be set up to allow local and remote access using shared or separate interfaces.
Because it is bound to the client's fixed account name and displayed only at login, each client's exclusive custom graphical keypad character set can defend high-end applications such as banking against phishing attacks. If a client is tricked into visiting an invalid website, that site will not have the custom character set the client needs to enter the password. Even to obtain the lowest-level keypad, the phisher faces a customized keypad and must replicate each customized keypad to make a phishing attempt, so the phisher expends great effort to break just one security level. At each subsequent level they would then have to deceive the user again and lure them back to another website to obtain the next level's secure value, making it hard for the phisher to trick information out of the client. If a very high security level is required, code resets can optionally be applied periodically, with the keypad changed when the codes of one or more levels are reset; with a short interval between code resets the phisher finds this approach hard to carry out, because to obtain the information they would need the user to disclose the codes of all levels across multiple attacks before the key codes change.
Key logging is also defeated because the secure ID is not entered using a known keyboard layout, in particular a QWERTY keyboard. Moreover, even if keystrokes are captured, a third party cannot learn the character values selected, and if the character layout differs at every login it is also difficult for a third party to log in or guess.
Password guessers are also constrained because the secure ID is not made up of standard letter and number characters; furthermore, the use of characters proprietary to the administrator or organization makes password guessing extremely difficult.
The present invention can be combined with existing security systems, such as the SiteKey website security authentication system, to strengthen user security. Likewise, the invention can be used together with other security measures, such as systems that send a message or verification code to the user's mobile phone to verify the user's identity.
In this description and the claims, the word "comprising" and its derivatives include each of the stated integers but do not exclude the inclusion of one or more further integers.
Throughout this specification, a reference to "one embodiment" means that a particular function, structure or feature described in connection with the embodiment is included in at least one embodiment of the present invention. The phrase "in one embodiment" appearing in different places in the specification therefore does not necessarily refer to the same embodiment. In addition, such particular functions, structures or features can be combined in any suitable manner in one or more combinations.
The foregoing is given only as a description of the principles of the invention. Because those skilled in the art can readily make various modifications and changes, the invention is not required to be limited to the exact construction and operation shown and described, and all suitable modifications and equivalents may be made within the scope of the invention.

Claims (27)

1. A method of providing access to a user account via an electronic device having a visual display screen, the method comprising the following steps:
issuing at least one secure identifier to a user, the secure identifier comprising one or more characters selected from a predetermined character set, the predetermined character set being independent of the electronic device and exclusive to a subset of users;
providing an access interface on the visual display screen for the user to enter the secure identifier, wherein the access interface includes a graphical character set that includes at least the characters forming the secure identifier;
the graphical character set being arranged such that each displayed character is associated with a specific position on the visual display screen, the graphical character set being independent of the electronic device;
the association between the specific positions on the visual display screen and the displayed characters being based on a display order determined independently of the electronic device; and
wherein the graphical character set and the predetermined character set include at least one common character;
determining one or more visual display screen positions selected by the user, the one or more visual display screen positions corresponding to characters on the graphical character set;
determining the entered secure identifier based on the graphical characters associated with the one or more visual display screen positions selected by the user; and
comparing the entered secure identifier with a predetermined secure identifier stored in a database, and allowing access to the user account if the comparison is successful;
wherein the graphical character set is customized and linked to the user account.
2. The method according to claim 1, further comprising:
in response to a successful comparison of the entered secure identifier with the predetermined secure identifier, prompting the user to enter one or more additional secure identifiers.
3. The method according to claim 2, wherein
entering a first secure identifier incorrectly a predetermined number of times causes access to the user account to be denied for a predetermined time interval; and
entering a subsequent secure identifier incorrectly a predetermined number of times causes access to the user account to be prohibited.
4. The method according to claim 2, wherein the predetermined character set of each secure identifier is different.
5. The method according to claim 2, wherein each secure identifier is entered on a separate interface.
6. The method according to claim 1, wherein the one or more visual display screen positions selected by the user are selected using a pointer-driven device or a touch screen.
7. The method according to claim 1, further comprising:
in response to determining that a visual display screen position selected by the user corresponds to an excluded character of the graphical character set, refusing access to the user account.
8. The method according to claim 1, wherein the user enters a first portion of the secure identifier by selecting at least one character on the graphical character set, and enters a second portion of the secure identifier by selecting keys on a conventional keyboard.
9. The method according to claim 1, wherein the predetermined character set and the secure identifier are specific to the user.
10. The method according to claim 1, wherein the predetermined character set is proprietary to an administrator of the user account.
11. The method according to claim 1, wherein, for each access attempt, the graphical character set is displayed in a different order or orientation.
12. The method according to claim 1, further comprising the step of refusing access to the user account if an incorrect secure identifier has been entered a predetermined number of times.
13. The method according to claim 1, wherein the characters in the predetermined character set include one or more character types selected from the following group: alphanumeric, punctuation marks, images, pictures and colors.
14. A method for providing access to a user account via an electronic device having a visual display screen, the method comprising the following steps:
issuing at least one secure identifier to the user, the secure identifier comprising one or more characters selected from a predetermined character set, the predetermined character set being independent of the electronic device, wherein each character of the predetermined character set is mapped to a master table that provides a master character position;
generating a graphical character set, the graphical character set including at least one character from the predetermined character set and also including the characters forming the secure identifier, wherein the characters of the graphical character set are arranged in a random order and mapped to the master table;
providing, on the visual display screen, an access interface for the user to enter the secure identifier, wherein the access interface includes the graphical character set;
determining a user character position by allowing the user to enter the secure identifier by selecting characters on the graphical character set and identifying the position of each selected character, the position of the characters of the graphical character set on the visual display screen being determined according to the random order;
mapping the user character position to the master character position;
comparing the characters stored at the master table positions with a predetermined secure identifier stored in a database, and providing access to the user account if the comparison is successful;
wherein the graphical character set is customized and linked to the user account.
15. according to the method for claim 14, wherein the graphic character collection is arranged within a grid.
16. A non-transitory computer-readable medium having instructions thereon which, when executed by a processor, cause the processor to perform a method for providing access to a user account via an electronic device having a visualization display screen, the method comprising the following steps:
Issuing at least one secure identifier to the user, the secure identifier including one or more characters selected from a book character collection, the book character collection being independent of the electronic device and exclusive to a subset of users;
Providing an access interface on the visualization display screen for the user to input the secure identifier, wherein the access interface includes a graphic character collection that includes at least the characters forming the secure identifier;
The graphic character collection being arranged such that each displayed character is associated with a specific position on the visualization display screen, the graphic character collection being independent of the electronic device;
The association between the specific position on the visualization display screen and the displayed character being based on a display order determined independently of the electronic device; and
Wherein the graphic character collection and the book character collection include at least one common character;
Allowing the user to select one or more visualization display screen positions corresponding to characters on the graphic character collection;
Determining the input secure identifier based on the graphic characters associated with the selected one or more positions; and
Comparing the input secure identifier with the predetermined secure identifier stored in a database and, if the comparison succeeds, providing access to the user account;
Wherein the graphic character collection is customized and linked to the user account.
17. A system for providing access to a user account via an electronic device having a visualization display screen, the system comprising:
A processor communicating with the electronic device via a network;
An input-output device of the processor, the input-output device being used to send at least one secure identifier to the user, the secure identifier including one or more characters selected from a book character collection, the book character collection being independent of the electronic device and exclusive to a subset of users; and
A database in communication with the processor, the database being used to store the at least one secure identifier and the predetermined character set;
Wherein the processor is configured to:
Provide an access interface on the visualization display screen for the user to input the secure identifier, wherein the access interface includes a graphic character collection that includes at least the characters forming the secure identifier;
The graphic character collection being arranged such that each displayed character is associated with a specific position on the visualization display screen, the graphic character collection being independent of the electronic device;
The association between the specific position on the visualization display screen and the displayed character being based on a display order determined independently of the electronic device; and
Wherein the graphic character collection and the book character collection include at least one common character;
Determine the one or more visualization display screen positions selected by the user, the one or more visualization display screen positions corresponding to characters on the graphic character collection;
Determine the input secure identifier based on the graphic characters associated with the one or more visualization display screen positions selected by the user; and
Compare the input secure identifier with the secure identifier stored in the database, and compare the input secure identifier with the predetermined secure identifier stored in the database, and, if the comparison succeeds, provide access to the user account;
Wherein the graphic character collection is customized and linked to the user account.
18. A system for providing access to a user account, the system comprising:
An input-output device for receiving a request to access the user account and for sending an access interface in response to the request, wherein the access interface includes a graphic character collection, the graphic character collection including at least the characters that form a secure identifier having one or more characters selected from a book character collection;
The graphic character collection being arranged such that each displayed character is associated with a specific position on the visualization display screen of an electronic device, the graphic character collection and the book character collection being independent of the electronic device;
The association between the specific position on the visualization display screen and the displayed character being based on a display order determined independently of the electronic device, wherein the graphic character collection and the book character collection include at least one common character;
The book character collection being exclusive to a subset of users;
The display character set being configured to allow the user to select one or more visualization display screen positions corresponding to characters on the graphic character collection; and
The input secure identifier being determined based on the graphic characters associated with the one or more visualization display screen positions selected by the user; and
A processor communicating with the input-output device and the electronic device via a network, the processor being used to receive the input secure identifier and compare it with the predetermined secure identifier stored in a database and, if the comparison succeeds, to provide access to the user account;
Wherein the graphic character collection is customized and linked to the user account.
19. A system for providing access to a user account, the system comprising:
An input-output device for receiving at least one secure identifier, the secure identifier including one or more characters selected from a book character collection; and
An electronic device communicating with the input-output device via a network, the electronic device having a visualization display screen adapted for the following operations:
Requesting access to the user account and receiving an access interface for inputting the secure identifier, wherein the access interface includes a graphic character collection, the graphic character collection including at least the characters forming the secure identifier,
The graphic character collection being arranged such that each displayed character is associated with a specific position on the visualization display screen,
The graphic character collection and the book character collection being independent of the electronic device;
The book character collection being exclusive to a subset of users;
The association between the specific position on the visualization display screen and the displayed character being based on a display order determined independently of the electronic device,
Wherein the graphic character collection and the book character collection include at least one common character;
Allowing the user to select one or more visualization display screen positions corresponding to characters on the graphic character collection;
Determining the input secure identifier based on the graphic characters associated with the selected one or more positions; and
Accessing the user account if the comparison between the input secure identifier and the predetermined secure identifier stored in the database succeeds;
Wherein the graphic character collection is customized and linked to the user account.
20. The system according to claim 17, 18 or 19, wherein the one or more visualization display screen positions selected by the user are selected using a pointer driving device or a touch screen.
21. The system according to claim 17, 18 or 19, wherein the processor is further configured to refuse access to the user account if an incorrect secure identifier has been input a predetermined number of times.
22. The system according to claim 17, 18 or 19, wherein the secure identifier is input partly by selecting at least one character on the graphic character collection and partly by selecting keys on a conventional keyboard.
23. The system according to claim 17, 18 or 19, wherein the characters in the book character collection include one or more character types selected from the group consisting of alphanumeric, punctuation mark, image, picture and color.
24. The system according to claim 17, 18 or 19, wherein, for each access attempt, the graphic character collection is displayed in a different order or orientation.
25. The system according to claim 17, 18 or 19, wherein the processor is further configured to refuse access to the user account if an exclusion character has been selected from the graphic character collection.
26. The system according to claim 17, 18 or 19, wherein the book character collection and the secure identifier are variable for each user.
27. The system according to claim 17, 18 or 19, wherein the book character collection is proprietary to the account keeper of the user.
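The position-to-main-table check of claim 14, together with the attempt limit of claims 12 and 21 and the exclusion characters of claim 25, can be followed in code. This is an added example, not code from the patent or its applicant; `MASTER_TABLE`, `EXCLUDED`, `MAX_ATTEMPTS`, `Account`, the result strings and the sample identifier are all assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample values; every name here is an assumption of this example.
MASTER_TABLE = list("ABCDEFGHJKLMNPQRSTUVWXYZ23456789")  # the claims' "main table"
EXCLUDED = frozenset("XZ")   # exclusion characters (claim 25)
MAX_ATTEMPTS = 3             # "predetermined number" of wrong entries (claims 12, 21)
_rng = secrets.SystemRandom()


class Account:
    def __init__(self, identifier):
        # Kept in the clear to keep the example short; store a salted slow hash in practice.
        self.identifier = identifier
        self.failed = 0
        self.locked = False


def new_layout(account, size=12):
    """Per-attempt layout held server-side: layout[screen_position] = main-table position."""
    required = {MASTER_TABLE.index(c) for c in account.identifier}
    required |= {MASTER_TABLE.index(c) for c in EXCLUDED}
    decoys = [i for i in range(len(MASTER_TABLE)) if i not in required]
    layout = sorted(required) + _rng.sample(decoys, size - len(required))
    _rng.shuffle(layout)  # random sequence, regenerated for every access attempt
    return layout


def glyphs(layout):
    """What the access interface renders, in screen order."""
    return [MASTER_TABLE[i] for i in layout]


def verify(account, layout, positions):
    """Map selected screen positions back through the layout and decide on access."""
    if account.locked:
        return "locked"
    in_range = all(isinstance(p, int) and 0 <= p < len(layout) for p in positions)
    entered = "".join(MASTER_TABLE[layout[p]] for p in positions) if in_range else ""
    tripped = any(c in EXCLUDED for c in entered)
    # Constant-time comparison against the stored identifier.
    match = hmac.compare_digest(entered.encode(), account.identifier.encode())
    if in_range and match and not tripped:
        account.failed = 0
        return "granted"
    account.failed += 1
    if account.failed >= MAX_ATTEMPTS:
        account.locked = True
        return "locked"
    # A distinct result for an exclusion character lets the server log it separately.
    return "denied-excluded" if tripped else "denied"
```

The layout stays on the server, tied to one login session and discarded after one use; the client only ever returns screen positions, so a recorded click sequence is meaningless against the next layout.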
CN201610088415.8A 2009-10-16 2010-10-14 The system and method for improving user account access security Expired - Fee Related CN105844139B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AU2009905040 2009-10-16
AU2009905040A AU2009905040A0 (en) 2009-10-16 System and method for improving security of user account access
CN2010800468350A CN102741851A (en) 2009-10-16 2010-10-14 System and method for improving security of user account access

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN2010800468350A Division CN102741851A (en) 2009-10-16 2010-10-14 System and method for improving security of user account access

Publications (2)

Publication Number Publication Date
CN105844139A CN105844139A (en) 2016-08-10
CN105844139B true CN105844139B (en) 2018-06-05

Family

ID=43875717

Family Applications (2)

Application Number Title Priority Date Filing Date
CN2010800468350A Pending CN102741851A (en) 2009-10-16 2010-10-14 System and method for improving security of user account access
CN201610088415.8A Expired - Fee Related CN105844139B (en) 2009-10-16 2010-10-14 The system and method for improving user account access security

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN2010800468350A Pending CN102741851A (en) 2009-10-16 2010-10-14 System and method for improving security of user account access

Country Status (10)

Country Link
US (1) US9390249B2 (en)
EP (1) EP2489149B1 (en)
JP (2) JP2013507699A (en)
KR (1) KR101746732B1 (en)
CN (2) CN102741851A (en)
AU (1) AU2010306408B2 (en)
BR (1) BR112012008975A8 (en)
CA (1) CA2777248C (en)
RU (1) RU2012117970A (en)
WO (1) WO2011044630A1 (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140101437A1 (en) * 2012-10-04 2014-04-10 Wurldtech Security Technologies Automated certification based on role
EP2770456A1 (en) * 2013-02-21 2014-08-27 GIRA GIERSIEPEN GmbH & Co. KG Variable code keyboard
CA2905733A1 (en) * 2013-03-11 2014-10-09 Cfph, Llc Devices for gaming
CN104283840B (en) * 2013-07-02 2019-02-26 深圳市腾讯计算机系统有限公司 Improve method, client and the system of network-access security
CN103856640B (en) * 2014-01-07 2015-07-01 腾讯科技(深圳)有限公司 Method and system for processing user resource information
CN105024986B (en) * 2014-04-30 2019-09-17 腾讯科技(深圳)有限公司 The methods, devices and systems that account number logs in
CN105224858A (en) * 2014-06-05 2016-01-06 阿里巴巴集团控股有限公司 A kind of interface for password input display packing and system
CN104125234A (en) * 2014-08-06 2014-10-29 沈文策 Method and system for dynamic image security verification
US9768959B2 (en) * 2014-10-27 2017-09-19 Acxiom Corporation Computer security system and method to protect against keystroke logging
US10803148B2 (en) 2015-03-13 2020-10-13 Walmart Apollo, Llc Method and system for motivating proper prescription drug usage
US9910959B2 (en) 2015-03-13 2018-03-06 Wal-Mart Stores, Inc. Entry, storage and retrieval of medical information from a pharmacy
JP6493973B2 (en) * 2015-05-27 2019-04-03 株式会社日本総合研究所 Character string input method and program
CN104915592B (en) * 2015-05-28 2017-03-08 东莞盛世科技电子实业有限公司 Password setting method and its equipment
EP3136275A1 (en) * 2015-08-28 2017-03-01 Thomson Licensing Digital authentication using augmented reality
CN105404833A (en) * 2015-10-23 2016-03-16 广东小天才科技有限公司 Method and device for protecting personal privacy
CN105530260B (en) * 2015-12-22 2019-01-01 网易(杭州)网络有限公司 A kind of setting method and device of the safety identification information for website
CN105740672B (en) * 2016-01-29 2018-09-14 宇龙计算机通信科技(深圳)有限公司 Terminal unlock method and terminal unlocking device
CN108063770A (en) * 2017-12-26 2018-05-22 重庆硕德信息技术有限公司 Intranet safety management system
US11455386B2 (en) * 2019-10-07 2022-09-27 International Business Machines Corporation Authentication based on image classification
CN113486311B (en) * 2021-07-22 2023-06-02 中国联合网络通信集团有限公司 Access authorization method and device

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19620346A1 (en) * 1996-05-21 1997-11-27 Bosch Gmbh Robert Graphical password log-in procedure for user of data terminal in computer system
US6630928B1 (en) * 1999-10-01 2003-10-07 Hewlett-Packard Development Company, L.P. Method and apparatus for touch screen data entry
JP4275323B2 (en) * 2001-03-02 2009-06-10 京セラ株式会社 Mobile communication terminal and PIN authentication system
HU0101106D0 (en) 2001-03-14 2001-05-28 Tozai Trading Corp Id alsorithm
JP2004102460A (en) * 2002-09-06 2004-04-02 Hitachi Software Eng Co Ltd Personal authentication method and program therefor
JP2004178584A (en) * 2002-11-26 2004-06-24 Asulab Sa Input method of security code by touch screen for accessing function, device or specific place, and device for executing the method
US20050193208A1 (en) * 2004-02-26 2005-09-01 Charrette Edmond E.Iii User authentication
WO2006128228A1 (en) * 2005-05-31 2006-12-07 Aristocrat Technologies Australia Pty Ltd Password entry system
US7656272B2 (en) * 2005-08-28 2010-02-02 Marcon International, Inc. Gaming security system and associated methods for selectively granting access
JP2007293562A (en) * 2006-04-25 2007-11-08 Nec Access Technica Ltd Authentication device, line concentrator, authentication method, and authentication program
JP2007310475A (en) * 2006-05-16 2007-11-29 Hitachi Systems & Services Ltd Password input method in trading system
US20070277224A1 (en) 2006-05-24 2007-11-29 Osborn Steven L Methods and Systems for Graphical Image Authentication
US8732477B2 (en) * 2006-05-24 2014-05-20 Confident Technologies, Inc. Graphical image authentication and security system
JP5121190B2 (en) * 2006-09-04 2013-01-16 日立オムロンターミナルソリューションズ株式会社 Input device and automatic teller machine
JP2008204409A (en) * 2007-02-23 2008-09-04 Oki Electric Ind Co Ltd Password input display device and method
JP2008225742A (en) * 2007-03-12 2008-09-25 Something Good:Kk Password input device
US8091138B2 (en) * 2007-09-06 2012-01-03 International Business Machines Corporation Method and apparatus for controlling the presentation of confidential content
JP2009104314A (en) * 2007-10-22 2009-05-14 Nec Corp Image selection authentication system, authentication server device, image selection authentication method, and image selection authentication program
JP2009163384A (en) * 2007-12-28 2009-07-23 Kyodo Printing Co Ltd Data input system and the data input method

Also Published As

Publication number Publication date
CN105844139A (en) 2016-08-10
AU2010306408A1 (en) 2012-05-10
EP2489149A1 (en) 2012-08-22
JP6043009B2 (en) 2016-12-14
JP2016192215A (en) 2016-11-10
EP2489149A4 (en) 2013-12-11
WO2011044630A1 (en) 2011-04-21
BR112012008975A2 (en) 2016-04-05
US9390249B2 (en) 2016-07-12
CA2777248A1 (en) 2011-04-21
BR112012008975A8 (en) 2018-06-12
KR101746732B1 (en) 2017-06-27
RU2012117970A (en) 2013-11-27
AU2010306408B2 (en) 2015-08-20
US20120204247A1 (en) 2012-08-09
CA2777248C (en) 2017-07-25
CN102741851A (en) 2012-10-17
JP2013507699A (en) 2013-03-04
KR20120096490A (en) 2012-08-30
EP2489149B1 (en) 2019-04-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20171026

Address after: New South Wales Australia

Applicant after: ARMORLOG Ltd.

Address before: Isle of man

Applicant before: Armorlog Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180605

CF01 Termination of patent right due to non-payment of annual fee